Hackers could potentially gain control of Chinese weapon systems, US Homeland Security has warned

The US Department of Homeland Security (DHS) has warned that Chinese weapon systems are vulnerable to hackers.

The warning came in a DHS advisory written by the DHS Industrial Control Systems Cyber Emergency Response Team. The document warned that software widely used in China to run weapons systems, utilities and chemical plants has bugs that could allow hackers to damage public infrastructure.

The software is said to be the Sunway ForceControl and pNetPower SCADA/HMI applications, from Beijing-based Sunway ForceControl Technology. This is according to a NSS Labs security researcher, who discovered the flaw.

Control Systems

SCADA stands for Supervisory Control and Data Acquisition, and is used by systems that control, monitor and automate the activities of connected physical systems, such as oil and gas pipeline valves, temperature monitoring and cooling systems, energy grids and traffic lights.

Needless to say, if a hacker were able to access these systems, the potential for damage would be huge.

“Successful exploitation of these vulnerabilities could allow an attacker to perform a remote denial of service or to remotely execute arbitrary code against the ForceControl and pNetPower server applications,” said the DHS advisory. “This action can result in adverse application conditions and ultimately impact the production environment on which the SCADA system is used.”

“Impact to individual organisations depends on many factors that are unique to each organisation. ICS-CERT recommends that organisations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation,” it said.

It seems that the Americans opted to co-operate with their Chinese counterparts after the ICS-CERT “co-ordinated with the researcher, China National Vulnerability Database (CNVD), and Sunway to ensure full remediation of the reported vulnerabilities.”

Apparently Sunway has issued two patches that address both vulnerabilities.

Vulnerable Utilities

The Sunway software is also used to control industrial systems in other countries as well.